-
Notifications
You must be signed in to change notification settings - Fork 6
125 lines (116 loc) · 4.67 KB
/
build_sdk.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
name: "Build SDK"
on:
workflow_call:
inputs:
version:
required: true
type: string
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
PULUMI_API: https://api.pulumi-staging.io
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
PYPI_USERNAME: __token__
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
TF_APPEND_USER_AGENT: pulumi
PROVIDER_VERSION: ${{ inputs.version }}
jobs:
build_sdk:
name: build_sdk
runs-on: ubuntu-latest
strategy:
# We normally fail fast unless this is a PR from Renovate in which case
# we'll always build all SDKs in case there are any changes to commit.
fail-fast: ${{ ! contains(github.actor, 'renovate') }}
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Cache examples generation
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
with:
path: |
.pulumi/examples-cache
key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }}
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, ${{ matrix.language }}
- name: Prepare local workspace
run: make prepare_local_workspace
- name: Download tfgen
uses: ./.github/actions/download-tfgen
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Restore makefile progress
run: make --touch provider schema
- name: Build SDK
run: make build_${{ matrix.language }}
- name: Check worktree clean
id: worktreeClean
uses: pulumi/git-status-check-action@v1
with:
# Keep these in sync with the Renovate step below to avoid them getting checked in.
allowed-changes: |
sdk/**/pulumi-plugin.json
sdk/dotnet/*.csproj
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
- name: Commit ${{ matrix.language }} SDK changes for Renovate
# If the worktree is dirty and this is a Renovate PR to bump
# dependencies, commit the updated SDK and push it back to the PR. The
# job will still be marked as a failure.
if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == 'pull_request'
shell: bash
run: |
git diff --quiet -- sdk && echo "no changes to sdk" && exit
git config --global user.email "[email protected]"
git config --global user.name "pulumi-bot"
# Stash local changes and check out the PR's branch directly.
git stash
git fetch
git checkout "origin/$HEAD_REF"
# Apply and add our changes, but don't commit any files we expect to
# always change due to versioning.
git stash pop
git add sdk
git reset \
sdk/python/*/pulumi-plugin.json \
sdk/python/pyproject.toml \
sdk/dotnet/pulumi-plugin.json \
sdk/dotnet/Pulumi.*.csproj \
sdk/go/*/pulumi-plugin.json \
sdk/go/*/internal/pulumiUtilities.go \
sdk/nodejs/package.json
git commit -m 'Commit ${{ matrix.language }} SDK for Renovate'
# Push with pulumi-bot credentials to trigger a re-run of the
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} \
"HEAD:$HEAD_REF"
env:
# head_ref is untrusted so it's recommended to pass via env var to
# avoid injections.
HEAD_REF: ${{ github.head_ref }}
- name: Upload SDK
uses: ./.github/actions/upload-sdk
with:
language: ${{ matrix.language }}